lkft/linux-stable-rc-linux-6.15.y - v6.15.1-35-g04e133874a24 - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper

Date

June 7, 2025, 10:40 a.m.

Environment
qemu-arm64
qemu-x86_64

[   25.205263] ==================================================================
[   25.205392] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   25.205579] Free of addr fff00000c7850000 by task kunit_try_catch/243
[   25.205650] 
[   25.205965] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   25.206105] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.206141] Hardware name: linux,dummy-virt (DT)
[   25.206183] Call trace:
[   25.206219]  show_stack+0x20/0x38 (C)
[   25.206297]  dump_stack_lvl+0x8c/0xd0
[   25.206365]  print_report+0x118/0x608
[   25.206442]  kasan_report_invalid_free+0xc0/0xe8
[   25.206778]  __kasan_mempool_poison_pages+0xe0/0xe8
[   25.206874]  mempool_free+0x24c/0x328
[   25.207085]  mempool_double_free_helper+0x150/0x2e8
[   25.207328]  mempool_page_alloc_double_free+0xbc/0x118
[   25.207464]  kunit_try_run_case+0x170/0x3f0
[   25.207595]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.207721]  kthread+0x328/0x630
[   25.207856]  ret_from_fork+0x10/0x20
[   25.207995] 
[   25.208044] The buggy address belongs to the physical page:
[   25.208118] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   25.208192] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.208579] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000
[   25.208744] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   25.208811] page dumped because: kasan: bad access detected
[   25.208941] 
[   25.208969] Memory state around the buggy address:
[   25.209025]  fff00000c784ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.209084]  fff00000c784ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.209135] >fff00000c7850000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.209479]                    ^
[   25.209594]  fff00000c7850080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.209665]  fff00000c7850100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.209714] ==================================================================
[   25.188469] ==================================================================
[   25.188584] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   25.188698] Free of addr fff00000c7850000 by task kunit_try_catch/241
[   25.188756] 
[   25.188828] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   25.189002] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.189037] Hardware name: linux,dummy-virt (DT)
[   25.189104] Call trace:
[   25.189163]  show_stack+0x20/0x38 (C)
[   25.189284]  dump_stack_lvl+0x8c/0xd0
[   25.189410]  print_report+0x118/0x608
[   25.189476]  kasan_report_invalid_free+0xc0/0xe8
[   25.189535]  __kasan_mempool_poison_object+0x14c/0x150
[   25.189596]  mempool_free+0x28c/0x328
[   25.189654]  mempool_double_free_helper+0x150/0x2e8
[   25.189770]  mempool_kmalloc_large_double_free+0xc0/0x118
[   25.189856]  kunit_try_run_case+0x170/0x3f0
[   25.189949]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.190023]  kthread+0x328/0x630
[   25.190078]  ret_from_fork+0x10/0x20
[   25.190138] 
[   25.190185] The buggy address belongs to the physical page:
[   25.190237] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107850
[   25.190330] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   25.190449] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff)
[   25.190550] page_type: f8(unknown)
[   25.190621] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.190698] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.190762] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000
[   25.190819] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   25.190879] head: 0bfffe0000000002 ffffc1ffc31e1401 00000000ffffffff 00000000ffffffff
[   25.190936] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   25.190983] page dumped because: kasan: bad access detected
[   25.191021] 
[   25.191044] Memory state around the buggy address:
[   25.191086]  fff00000c784ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.191244]  fff00000c784ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.191345] >fff00000c7850000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.191442]                    ^
[   25.191489]  fff00000c7850080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.191541]  fff00000c7850100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   25.191937] ==================================================================
[   25.168855] ==================================================================
[   25.169026] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8
[   25.169184] Free of addr fff00000c76c5a00 by task kunit_try_catch/239
[   25.169269] 
[   25.169373] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT 
[   25.169508] Tainted: [B]=BAD_PAGE, [N]=TEST
[   25.169541] Hardware name: linux,dummy-virt (DT)
[   25.169581] Call trace:
[   25.169612]  show_stack+0x20/0x38 (C)
[   25.169676]  dump_stack_lvl+0x8c/0xd0
[   25.169734]  print_report+0x118/0x608
[   25.169787]  kasan_report_invalid_free+0xc0/0xe8
[   25.169846]  check_slab_allocation+0xd4/0x108
[   25.169901]  __kasan_mempool_poison_object+0x78/0x150
[   25.169960]  mempool_free+0x28c/0x328
[   25.170017]  mempool_double_free_helper+0x150/0x2e8
[   25.170077]  mempool_kmalloc_double_free+0xc0/0x118
[   25.170139]  kunit_try_run_case+0x170/0x3f0
[   25.170199]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.170261]  kthread+0x328/0x630
[   25.170329]  ret_from_fork+0x10/0x20
[   25.170392] 
[   25.170429] Allocated by task 239:
[   25.170469]  kasan_save_stack+0x3c/0x68
[   25.170524]  kasan_save_track+0x20/0x40
[   25.170570]  kasan_save_alloc_info+0x40/0x58
[   25.170617]  __kasan_mempool_unpoison_object+0x11c/0x180
[   25.170667]  remove_element+0x130/0x1f8
[   25.170711]  mempool_alloc_preallocated+0x58/0xc0
[   25.170761]  mempool_double_free_helper+0x94/0x2e8
[   25.170809]  mempool_kmalloc_double_free+0xc0/0x118
[   25.170859]  kunit_try_run_case+0x170/0x3f0
[   25.170904]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.170957]  kthread+0x328/0x630
[   25.170996]  ret_from_fork+0x10/0x20
[   25.171040] 
[   25.171061] Freed by task 239:
[   25.171092]  kasan_save_stack+0x3c/0x68
[   25.171137]  kasan_save_track+0x20/0x40
[   25.171178]  kasan_save_free_info+0x4c/0x78
[   25.171224]  __kasan_mempool_poison_object+0xc0/0x150
[   25.171872]  mempool_free+0x28c/0x328
[   25.172238]  mempool_double_free_helper+0x100/0x2e8
[   25.172367]  mempool_kmalloc_double_free+0xc0/0x118
[   25.172439]  kunit_try_run_case+0x170/0x3f0
[   25.172490]  kunit_generic_run_threadfn_adapter+0x88/0x100
[   25.172545]  kthread+0x328/0x630
[   25.172591]  ret_from_fork+0x10/0x20
[   25.172787] 
[   25.172817] The buggy address belongs to the object at fff00000c76c5a00
[   25.172817]  which belongs to the cache kmalloc-128 of size 128
[   25.172898] The buggy address is located 0 bytes inside of
[   25.172898]  128-byte region [fff00000c76c5a00, fff00000c76c5a80)
[   25.173043] 
[   25.173077] The buggy address belongs to the physical page:
[   25.173121] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1076c5
[   25.173194] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff)
[   25.173313] page_type: f5(slab)
[   25.173375] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000
[   25.173612] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   25.173823] page dumped because: kasan: bad access detected
[   25.174236] 
[   25.174373] Memory state around the buggy address:
[   25.174498]  fff00000c76c5900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.174620]  fff00000c76c5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.174677] >fff00000c76c5a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   25.174728]                    ^
[   25.174793]  fff00000c76c5a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   25.174850]  fff00000c76c5b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   25.174898] ==================================================================

Metadata Full log Test run details

arch

arm64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0l1lM4PPUPWLjAP2OyhEuEu2

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0l1lM4PPUPWLjAP2OyhEuEu2

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/Image.gz
sha256sum	1b531226140e142190e4cd0e4f3862050b0e2c45e059974a53d69b2b25304bf8

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/arm64/rootfs.ext4.xz
sha256sum	905f5619346e1db164ac162d2472afab1c1502c840ccd8eb365c2a644148903b

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0hRG4OZ41JIc4J6kshzREMIB/modules.tar.xz
sha256sum	96aed9ab36b698bb4c9bf06650847db2adf83170cdf96c9ed9e744a15d7b27ec

durations

tests

boot	0
kunit	362.08

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

[   15.643108] ==================================================================
[   15.643597] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.644206] Free of addr ffff888103988000 by task kunit_try_catch/259
[   15.644498] 
[   15.644647] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   15.644718] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.644733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.644757] Call Trace:
[   15.644773]  <TASK>
[   15.644794]  dump_stack_lvl+0x73/0xb0
[   15.644850]  print_report+0xd1/0x650
[   15.644879]  ? __virt_addr_valid+0x1db/0x2d0
[   15.644913]  ? kasan_addr_to_slab+0x11/0xa0
[   15.644934]  ? mempool_double_free_helper+0x184/0x370
[   15.644959]  kasan_report_invalid_free+0x10a/0x130
[   15.644984]  ? mempool_double_free_helper+0x184/0x370
[   15.645010]  ? mempool_double_free_helper+0x184/0x370
[   15.645033]  __kasan_mempool_poison_pages+0x115/0x130
[   15.645057]  mempool_free+0x290/0x380
[   15.645082]  mempool_double_free_helper+0x184/0x370
[   15.645107]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.645130]  ? update_load_avg+0x1be/0x21b0
[   15.645151]  ? dequeue_entities+0x27e/0x1740
[   15.645175]  ? finish_task_switch.isra.0+0x153/0x700
[   15.645202]  mempool_page_alloc_double_free+0xe8/0x140
[   15.645224]  ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[   15.645245]  ? dequeue_task_fair+0x166/0x4e0
[   15.645266]  ? __pfx_mempool_alloc_pages+0x10/0x10
[   15.645286]  ? __pfx_mempool_free_pages+0x10/0x10
[   15.645308]  ? __pfx_read_tsc+0x10/0x10
[   15.645329]  ? ktime_get_ts64+0x86/0x230
[   15.645357]  kunit_try_run_case+0x1a5/0x480
[   15.645383]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.645404]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.645428]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.645450]  ? __kthread_parkme+0x82/0x180
[   15.645472]  ? preempt_count_sub+0x50/0x80
[   15.645496]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.645520]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.645542]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.645576]  kthread+0x337/0x6f0
[   15.645596]  ? trace_preempt_on+0x20/0xc0
[   15.645630]  ? __pfx_kthread+0x10/0x10
[   15.645648]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.645669]  ? calculate_sigpending+0x7b/0xa0
[   15.645691]  ? __pfx_kthread+0x10/0x10
[   15.645709]  ret_from_fork+0x41/0x80
[   15.645731]  ? __pfx_kthread+0x10/0x10
[   15.645749]  ret_from_fork_asm+0x1a/0x30
[   15.645781]  </TASK>
[   15.646072] 
[   15.654242] The buggy address belongs to the physical page:
[   15.654585] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103988
[   15.656201] flags: 0x200000000000000(node=0|zone=2)
[   15.656427] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[   15.656934] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[   15.657227] page dumped because: kasan: bad access detected
[   15.657483] 
[   15.657615] Memory state around the buggy address:
[   15.658517]  ffff888103987f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.658938]  ffff888103987f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.659244] >ffff888103988000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.659786]                    ^
[   15.659947]  ffff888103988080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.660284]  ffff888103988100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.660584] ==================================================================
[   15.617496] ==================================================================
[   15.617992] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.618181] Free of addr ffff8881029d8000 by task kunit_try_catch/257
[   15.618310] 
[   15.618393] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   15.618447] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.618460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.618483] Call Trace:
[   15.618498]  <TASK>
[   15.618517]  dump_stack_lvl+0x73/0xb0
[   15.618547]  print_report+0xd1/0x650
[   15.618589]  ? __virt_addr_valid+0x1db/0x2d0
[   15.618613]  ? kasan_addr_to_slab+0x11/0xa0
[   15.618634]  ? mempool_double_free_helper+0x184/0x370
[   15.618656]  kasan_report_invalid_free+0x10a/0x130
[   15.618679]  ? mempool_double_free_helper+0x184/0x370
[   15.618704]  ? mempool_double_free_helper+0x184/0x370
[   15.618725]  __kasan_mempool_poison_object+0x1b3/0x1d0
[   15.618747]  mempool_free+0x2ec/0x380
[   15.618770]  mempool_double_free_helper+0x184/0x370
[   15.618791]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.618814]  ? dequeue_entities+0x852/0x1740
[   15.618838]  ? finish_task_switch.isra.0+0x153/0x700
[   15.618873]  mempool_kmalloc_large_double_free+0xed/0x140
[   15.618895]  ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[   15.618917]  ? dequeue_task_fair+0x166/0x4e0
[   15.618937]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.618955]  ? __pfx_mempool_kfree+0x10/0x10
[   15.618977]  ? __pfx_read_tsc+0x10/0x10
[   15.618997]  ? ktime_get_ts64+0x86/0x230
[   15.619024]  kunit_try_run_case+0x1a5/0x480
[   15.619049]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.619072]  ? _raw_spin_lock_irqsave+0xa1/0x100
[   15.619097]  ? _raw_spin_unlock_irqrestore+0x5f/0x90
[   15.619120]  ? __kthread_parkme+0x82/0x180
[   15.619159]  ? preempt_count_sub+0x50/0x80
[   15.619200]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.619230]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.619256]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.619280]  kthread+0x337/0x6f0
[   15.619299]  ? trace_preempt_on+0x20/0xc0
[   15.619324]  ? __pfx_kthread+0x10/0x10
[   15.619343]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.619364]  ? calculate_sigpending+0x7b/0xa0
[   15.619387]  ? __pfx_kthread+0x10/0x10
[   15.619406]  ret_from_fork+0x41/0x80
[   15.619428]  ? __pfx_kthread+0x10/0x10
[   15.619446]  ret_from_fork_asm+0x1a/0x30
[   15.619477]  </TASK>
[   15.619490] 
[   15.628527] The buggy address belongs to the physical page:
[   15.629378] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d8
[   15.630116] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   15.630337] flags: 0x200000000000040(head|node=0|zone=2)
[   15.630521] page_type: f8(unknown)
[   15.631375] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.631741] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.631963] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[   15.632178] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[   15.632371] head: 0200000000000002 ffffea00040a7601 00000000ffffffff 00000000ffffffff
[   15.632582] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[   15.633047] page dumped because: kasan: bad access detected
[   15.633208] 
[   15.633279] Memory state around the buggy address:
[   15.633439]  ffff8881029d7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.633665]  ffff8881029d7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.633866] >ffff8881029d8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.634054]                    ^
[   15.634168]  ffff8881029d8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.634361]  ffff8881029d8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[   15.635580] ==================================================================
[   15.589148] ==================================================================
[   15.589946] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[   15.590473] Free of addr ffff8881033b1600 by task kunit_try_catch/255
[   15.590893] 
[   15.591051] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G    B            N  6.15.2-rc1 #1 PREEMPT(voluntary) 
[   15.591118] Tainted: [B]=BAD_PAGE, [N]=TEST
[   15.591155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   15.591183] Call Trace:
[   15.591200]  <TASK>
[   15.591221]  dump_stack_lvl+0x73/0xb0
[   15.591261]  print_report+0xd1/0x650
[   15.591289]  ? __virt_addr_valid+0x1db/0x2d0
[   15.591316]  ? kasan_complete_mode_report_info+0x64/0x200
[   15.591341]  ? mempool_double_free_helper+0x184/0x370
[   15.591368]  kasan_report_invalid_free+0x10a/0x130
[   15.591395]  ? mempool_double_free_helper+0x184/0x370
[   15.591446]  ? mempool_double_free_helper+0x184/0x370
[   15.591474]  ? mempool_double_free_helper+0x184/0x370
[   15.591499]  check_slab_allocation+0x101/0x130
[   15.591523]  __kasan_mempool_poison_object+0x91/0x1d0
[   15.591548]  mempool_free+0x2ec/0x380
[   15.591587]  mempool_double_free_helper+0x184/0x370
[   15.591728]  ? __pfx_mempool_double_free_helper+0x10/0x10
[   15.591775]  ? dequeue_entities+0x852/0x1740
[   15.591805]  ? finish_task_switch.isra.0+0x153/0x700
[   15.591834]  mempool_kmalloc_double_free+0xed/0x140
[   15.591860]  ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[   15.591885]  ? dequeue_task_fair+0x166/0x4e0
[   15.591907]  ? __pfx_mempool_kmalloc+0x10/0x10
[   15.591928]  ? __pfx_mempool_kfree+0x10/0x10
[   15.591949]  ? irqentry_exit+0x2a/0x60
[   15.591972]  ? __pfx_read_tsc+0x10/0x10
[   15.591994]  ? ktime_get_ts64+0x86/0x230
[   15.592022]  kunit_try_run_case+0x1a5/0x480
[   15.592049]  ? sysvec_apic_timer_interrupt+0x50/0x90
[   15.592073]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.592098]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.592127]  ? __pfx_kunit_try_run_case+0x10/0x10
[   15.592151]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.592174]  ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[   15.592198]  kthread+0x337/0x6f0
[   15.592218]  ? trace_preempt_on+0x20/0xc0
[   15.592244]  ? __pfx_kthread+0x10/0x10
[   15.592263]  ? _raw_spin_unlock_irq+0x47/0x80
[   15.592286]  ? calculate_sigpending+0x7b/0xa0
[   15.592310]  ? __pfx_kthread+0x10/0x10
[   15.592330]  ret_from_fork+0x41/0x80
[   15.592351]  ? __pfx_kthread+0x10/0x10
[   15.592369]  ret_from_fork_asm+0x1a/0x30
[   15.592401]  </TASK>
[   15.592414] 
[   15.600135] Allocated by task 255:
[   15.600334]  kasan_save_stack+0x45/0x70
[   15.600547]  kasan_save_track+0x18/0x40
[   15.600915]  kasan_save_alloc_info+0x3b/0x50
[   15.601151]  __kasan_mempool_unpoison_object+0x1a9/0x200
[   15.601398]  remove_element+0x11e/0x190
[   15.601713]  mempool_alloc_preallocated+0x4d/0x90
[   15.601851]  mempool_double_free_helper+0x8a/0x370
[   15.601966]  mempool_kmalloc_double_free+0xed/0x140
[   15.602076]  kunit_try_run_case+0x1a5/0x480
[   15.602178]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.602294]  kthread+0x337/0x6f0
[   15.602380]  ret_from_fork+0x41/0x80
[   15.602473]  ret_from_fork_asm+0x1a/0x30
[   15.602814] 
[   15.602929] Freed by task 255:
[   15.603092]  kasan_save_stack+0x45/0x70
[   15.603328]  kasan_save_track+0x18/0x40
[   15.603520]  kasan_save_free_info+0x3f/0x60
[   15.603866]  __kasan_mempool_poison_object+0x131/0x1d0
[   15.604114]  mempool_free+0x2ec/0x380
[   15.604297]  mempool_double_free_helper+0x109/0x370
[   15.604573]  mempool_kmalloc_double_free+0xed/0x140
[   15.604904]  kunit_try_run_case+0x1a5/0x480
[   15.605106]  kunit_generic_run_threadfn_adapter+0x85/0xf0
[   15.605353]  kthread+0x337/0x6f0
[   15.605516]  ret_from_fork+0x41/0x80
[   15.605848]  ret_from_fork_asm+0x1a/0x30
[   15.606082] 
[   15.606210] The buggy address belongs to the object at ffff8881033b1600
[   15.606210]  which belongs to the cache kmalloc-128 of size 128
[   15.607142] The buggy address is located 0 bytes inside of
[   15.607142]  128-byte region [ffff8881033b1600, ffff8881033b1680)
[   15.607945] 
[   15.608049] The buggy address belongs to the physical page:
[   15.608210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b1
[   15.608371] flags: 0x200000000000000(node=0|zone=2)
[   15.608487] page_type: f5(slab)
[   15.608596] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[   15.609005] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[   15.609344] page dumped because: kasan: bad access detected
[   15.609668] 
[   15.609731] Memory state around the buggy address:
[   15.609842]  ffff8881033b1500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.609983]  ffff8881033b1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.610120] >ffff8881033b1600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   15.610253]                    ^
[   15.610333]  ffff8881033b1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[   15.610464]  ffff8881033b1700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[   15.610721] ==================================================================

Metadata Full log Test run details

arch

x86_64

host

x86_64

plan

2yB0gIpV00SQv6iVnfHfZMmLnJi

job_id

TEST:linaro@lkft#2yB0mjaDXA0CwqutKjQjRIFyOIe

job_url

https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2yB0mjaDXA0CwqutKjQjRIFyOIe

artefacts

kernel

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/bzImage
sha256sum	47ba1de281267f956a3a48f9181f4c477feef4bcb70a0c3d7e92edaf4b0c05cf

rootfs

url	https://storage.tuxboot.com/debian/20250605/trixie/amd64/rootfs.ext4.xz
sha256sum	bb36936f45b20f4af35993e582d98e781104116519f71565c7a97bddc546f892

modules

url	https://storage.tuxsuite.com/public/linaro/lkft/builds/2yB0iWsIpvkPL1CcASqfwUWosuV/modules.tar.xz
sha256sum	8e7e333ca033c5e02b3a17a5149fd9967683e83e27203dc8ee3885518ea01f50

durations

tests

boot	0
kunit	394.68

host_arch

amd64

build_name

gcc-13-lkftconfig-kunit

job_status

Complete

qemu_version

1:10.0.0+ds-1

Metadata

Failure - qemu-arm64 - gcc-13-lkftconfig-kunit

Failure - qemu-x86_64 - gcc-13-lkftconfig-kunit